The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory on an Iranian advanced persistent threat (APT) actor targeting U.S. state websites, including elections websites to obtain voter registration data.
Using the Acunetix vulnerability scanner, this actor took initial steps that enabled them to obtain information in order to disseminate election-related disinformation to U.S. citizens using voter intimidation emails. Joint Cybersecurity Advisory AA20-304A: Iranian APT Actor Identified Obtaining Voter Registration Data provides indicators of compromise and recommended mitigations for affected entities.
CISA and the FBI advise organizations that do not regularly use Acunetix to monitor their logs for any activity from the program that originates from IP addresses provided in Joint Cybersecurity Advisory AA20-304A: Iranian APT Actor Identified Obtaining Voter Registration Data and consider it malicious reconnaissance behavior.
This product is provided subject to this Notification and this Privacy & Use policy.